From owner-freebsd-current@FreeBSD.ORG  Fri Dec 30 09:37:14 2005
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BE4EC16A41F
	for <freebsd-current@freebsd.org>; Fri, 30 Dec 2005 09:37:14 +0000 (GMT)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (imap.infracaninophile.co.uk
	[81.187.76.162])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7306343D48
	for <freebsd-current@freebsd.org>; Fri, 30 Dec 2005 09:37:10 +0000 (GMT)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from [IPv6:::1] (localhost [IPv6:::1])
	by smtp.infracaninophile.co.uk (8.13.4/8.13.4) with ESMTP id
	jBU9avDW067626; Fri, 30 Dec 2005 09:36:57 GMT
	(envelope-from m.seaman@infracaninophile.co.uk)
Message-ID: <43B4FFB2.4090203@infracaninophile.co.uk>
Date: Fri, 30 Dec 2005 09:36:50 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Organization: Infracaninophile
User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051221)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: =?ISO-8859-15?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>
References: <20051229193328.A13367@cons.org>	<20051230021602.GA9026@pit.databus.com>	<43B498DF.4050204@cyberwang.net>
	<43B49B22.7040307@gmail.com>	<20051229220403.A16743@cons.org>	<20051230053906.GA75942@pit.databus.com>	<2440.193.68.33.1.1135932286.squirrel@193.68.33.1>
	<86irt7dk5k.fsf@xps.des.no>
In-Reply-To: <86irt7dk5k.fsf@xps.des.no>
X-Enigmail-Version: 0.93.0.0
Content-Type: multipart/signed; micalg=pgp-ripemd160;
	protocol="application/pgp-signature";
	boundary="------------enigBF8CD5EADB7851B6B7248D42"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2
	(smtp.infracaninophile.co.uk [IPv6:::1]);
	Fri, 30 Dec 2005 09:36:57 +0000 (GMT)
X-Virus-Scanned: ClamAV version 0.87.1, clamav-milter version 0.87 on
	happy-idiot-talk.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,NO_RELAYS 
	autolearn=ham version=3.1.0
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on 
	happy-idiot-talk.infracaninophile.co.uk
Cc: freebsd-current@freebsd.org,
	=?ISO-8859-15?Q?=C1d=E1m_Szilveszter?= <adamsz@mailpont.hu>
Subject: Re: fetch extension - use local filename from content-disposition
 header
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Dec 2005 09:37:15 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigBF8CD5EADB7851B6B7248D42
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: quoted-printable

Dag-Erling Sm=F8rgrav wrote:
> =C1d=E1m Szilveszter <adamsz@mailpont.hu> writes:
>=20
>>You know, there are much bigger problems than that. For example the fac=
t,
>>that any vulnerability in fetch(1) or libfetch(3) is a remote root
>>compromise candidate on FreeBSD, because the Ports system still insists=
 on
>>running it as root by default downloading distfiles from unchecked amd
>>potentially unsecure servers all over the Internet.=20
=20
> Wrong.  If you go into a ports directory and type 'make install clean'
> as an unprivileged user, the only parts of the build that actually run
> with root privileges are the final portions of the installation
> sequence.

Not if you, as a naive user, take a freshly installed system and an
unmodified environment.  You'll need to make a bunch of changes
before everything will run smoothly:

   * Make /usr/ports/distfiles writable by user or set $DISTDIR to
     a writable directory
   * Make /var/db/ports writable by user or set $PORT_DBDIR to a=20
     writable location
   * Make each port directory writable -- so the the 'work' directories
     can be created -- or set $WRKDIRPREFIX to a writable location.

And in fact, if you go on to do the same deal with $PKG_DBDIR and $PREFIX=

plus set $INSTALL_AS_USER then you can install most ports entirely as a
mortal user -- the exceptions being ports that want to run mtree(8) or th=
at
need to install programs with specific UID or GIDs.

Not setting $INSTALL_AS_USER means you'll be prompted to supply the root
password where needed at install time.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW


--------------enigBF8CD5EADB7851B6B7248D42
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDtP+58Mjk52CukIwRAzyzAJ9qUTCJ7+U6k7Nf7amW7bMb/xwc5wCfZktU
UMu2dYs4ffejd3KGYF73bho=
=4iCo
-----END PGP SIGNATURE-----

--------------enigBF8CD5EADB7851B6B7248D42--